I'm looking at the API for authentication
https://docs.djangoproject.com/en/1.3/topics/auth/
I can't seem to find information on a simple user registration form that would send a confirmation email, as is the usual way on web sites.
I guess I could do this:
1) Display a form
2) User enters info and submits
3) Save user as inactive, with a confirmation code
4) Send a link with confirmation code
5) User clicks a confirmation link and becomes active
It doesn't seem that difficult but I have a feeling this might be done already, and also there are quite a few edge cases that would need to be considered.
It's not built into Django. There is a reusable app called django-allauth, which will fit your needs.
An app called django-registration used to be recommended, but that is now unmaintained and out of date.
Editor note: django-registration is not unmaintained as of December 2016.
While django-registration used to be the registration system du jour, it has been abandoned by the maintainer and doesn't work on Django 1.6 without patching.
Try maybe django-allauth - I would have used it if I had known about it when I was looking. (As it turned out, I found this question first and used django-registration, wasting a lot of time.)
EDIT 10/2016: Looks like django-registration is maintained again. It's on GitHub now: https://github.com/ubernostrum/django-registration
You can do this:
1) Define a function to activate the user (i.e. def activate(request))
2) Configure in the url.py the route to that function (i.e. /activate/)
3) Create a form to register the user
4) Create the post function to create the user
5) When you create the user, set the field 'is_active' to 0.
6) In the same function, send the email with a link inside; this link must have the configured route as its target
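The inactive-user / confirmation-code flow from the question and the answer above, as an added example that is not from either post and is not django-allauth's or django-registration's code. It uses only the standard library; the in-memory `users` dict, `SECRET_KEY`, `MAX_AGE` and the function names are assumptions standing in for the user table, the site secret and the views. It covers three of the edge cases: tampered codes, expired links and links clicked twice.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)   # assumption: per-deployment secret
MAX_AGE = 3 * 24 * 3600                # assumption: links expire after 3 days
users = {}                             # constructed stand-in for the user table


def _sign(user_id, issued, nonce):
    # The MAC binds the code to one user, one issue time and one registration.
    msg = f"{user_id}:{issued}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def register(user_id, email, now=None):
    """Save the user as inactive and return the code to put in the link."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)       # stored server-side, never sent
    users[user_id] = {"email": email, "is_active": False, "nonce": nonce}
    return f"{user_id}:{issued}:{_sign(user_id, issued, nonce)}"


def activate(code, now=None):
    """Return True only for a valid, unexpired, not-yet-used code."""
    now = time.time() if now is None else now
    try:
        user_id, issued, sig = code.split(":")
        issued = int(issued)
    except ValueError:                 # malformed link
        return False
    user = users.get(user_id)
    if user is None or user["is_active"]:
        return False                   # unknown user, or link already used
    expected = _sign(user_id, issued, user["nonce"])
    # Constant-time comparison so the check does not leak the signature.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    if now - issued > MAX_AGE:
        return False                   # link too old
    user["is_active"] = True
    return True
```
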
How can I show the last-seen (online) time of a user in Django?
Is there any default function or library I can import to do that?
Or if there is any code on GitHub, please tell me.
**Note:** when a user closes the page or disconnects, the time updates
You should inherit django's AbstractBaseUser in your user model, it already has an inbuilt last_login attribute. In fact it is considered a good practice to inherit AbstractBaseUser for creating your user which is provided in django default auth modules.
There are a few options.
You can add code to your views to check for the user or session id (depending on how you want it to work: for registered users, for every user, and so on), and every time a user requests a page, you can record that this user was active on the site at this time.
But this option seems to be usable when you need to track a user in a small project with few pages.
Another option, which seems more right, is to use middleware. By using middleware you don't need to change the code in all of your views. Simply make a custom middleware and everything will be done with a few lines of code.
You can check an example of this middleware here:
Django: How can I check the last activity time of user if user didn't log out?
or
Django get last user visit date
And for the disconnected part, I think you can't do much with Django. Also, you can't be sure when the user closed the page.
The best option here is to use JavaScript code that runs about every 10 seconds and tells Django that the user is still on the page.
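As an added example (not from the answer above or the posts it links to), a middleware along the lines described, with an `is_online` check that treats a user as online when last seen within a time window, since a disconnect cannot be observed. The `last_seen` field (stored here as epoch seconds), `MIN_INTERVAL`, and the class and function names are assumptions.

```python
import time


class LastSeenMiddleware:
    """New-style Django middleware: a callable that wraps get_response."""

    MIN_INTERVAL = 60  # seconds; avoids a database write on every request

    def __init__(self, get_response, clock=time.time):
        self.get_response = get_response
        self.clock = clock  # injectable so the behaviour can be tested

    def __call__(self, request):
        response = self.get_response(request)
        # request.user is set by Django's AuthenticationMiddleware, which
        # must therefore be listed before this class in MIDDLEWARE.
        user = getattr(request, "user", None)
        if user is not None and user.is_authenticated:
            now = self.clock()
            last = user.last_seen  # hypothetical field on the user model
            if last is None or now - last >= self.MIN_INTERVAL:
                user.last_seen = now
                user.save(update_fields=["last_seen"])
        return response


def is_online(user, now, window=300):
    """Treat a user as online if seen within `window` seconds of `now`."""
    return user.last_seen is not None and now - user.last_seen <= window
```
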
I am working on a project in a team using Django. I am trying to implement User Registration part in Django. This is what I have done so far.
I have created a separate application within my project called signup.
In this application, I am providing a page to the anonymous user to sign up for my web application. The user is able to sign in successfully and I can see him as admin inside Django Admin interface.
I am also using django-allauth. Now, I want that whenever the user signs up, the admin should accept/reject the user's registration. How can I achieve that in allauth?
This is what I have done so far. I have created a separate application within my project called signup.
You don't need to do this, as Django Allauth already does it. As soon as you get it running, which takes some time, allauth will already have standard apps, with views + templates for users who want to signup, login, change password, recover password, etc.
You can make new users have to confirm an email before using your app by specifying this in settings.py
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
However, I do not see a reason why you would want to manually accept users with human input. If that is the case, I suggest removing all signup pages, and manually creating users from a shell window or admin panel on request.
If you want more detail on how to set it up, try example1 or further reading.
Looking to implement social authentication in our application with LinkedIn, Google, Facebook. I'm currently using flask-security to help manage users/roles in our application. I'm looking for some guidance on best practices with Flask/Flask-Security and Social Authentication.
I've seen the flask-social plugin, but I'd like to have the option of local form-based login, too.
So far, I'm planning on writing a new login view implementation for flask-security that can determine whether I'm using a social site (via passing a query parameter when user clicks on "login with XYZ") for the login. After social authentication occurs, I was planning on running the regular flask-security login to set all the appropriate session tokens and user and roles so the #login_required decorator will continue to work.
I didn't really see any hooks for overriding the login view function in flask-security, so I'm planning on either 1) copying the existing implementation into my own app or 2) calling flask_security_views::login.
However, I'm wondering if there's some of this that's already been implemented somewhere, or a better start. It seems like I'm really going to be cutting up a lot of existing code.
Thanks
Mark Hildreth is correct.
flask-social allows you to log in via a form (username/password) or via social.
So you can use it in conjunction with flask-security, flask-login, or whatever password-based authentication you want. I have used flask-social in conjunction with flask-security and can confirm they work quite well together.
flask-social links each User object to zero or more additional social accounts, which are stored in a separate table/datastore. Thus, it does not replace the existing password infrastructure...it just augments the User model and adds additional social methods to also allow for the user to log in alternatively via social accounts.
From a very old blog post from FB:
As promised, we have changed the login procedure. This change should
improve your users experience and requires no modifications to
existing applications. Now, if a user was already using Facebook,
logging into an app happens transparently. Because of this, developers
might want to provide a way for users to logout by posting the word
"confirm" to http://www.facebook.com/logout.php. Alternatively,
developers can provide a link to switch the user via the login page’s
"skipcookie" parameter (as described in the authentication guide.
What if I don't want this to happen, but rather want the user to be redirected to FB and confirm his identity even if logged in to FB? I looked everywhere for this skipcookie directive but found nothing about it, in fact I think it has been discontinued.
For the record I'm using django in my app.
Thanks in advance for any help.
That is very old, and like you said, doesn't really apply anymore especially since everything moved from oauth over to oauth 2.
What if I don't want this to happen, but rather want the user to be redirected to FB and confirm his identity even if logged in to FB?
So here's what you do. If you want to force the user to re-login to facebook (confirming his identity and it's not some person who just walked up to an unlocked computer already logged into Facebook), call FB.logout() first, then call FB.login() to log the user in. Since you called logout() first, it will force the user to log into Facebook before authorizing your app.
If anybody is still curious as to how to implement this using Django, here's how I log the user out of facebook server-side:
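from urllib.parse import urlencode  # Python 2: from urllib import urlencode
from django.http import HttpResponseRedirect

def facebook_logout(request, access_token):  # view name is illustrative
    # Where the user lands after Facebook has logged them out
    next_url = 'http://your.app.url/return/from/fb/'
    args = {
        'next': next_url,
        'access_token': access_token,  # the user's Facebook access token
    }
    redirect_to = "https://www.facebook.com/logout.php?" + urlencode(args)
    return HttpResponseRedirect(redirect_to)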
With this you can log the user out using the server side script (be it python/Django or any other language/framework, just use your language's url fetching API).
With this code the user will be redirected to the FB logout url and will then return to next_url
I want to show various messages to registered users only once in my django application. I found django-announcements which seemed to do what I want - but I found in testing it marks messages as read by using a session variable, which disappears if the user logs out. This means a message is shown again to a user if they dismiss it when logged in, log out, and then log in again.
I wondered if anyone knows of an application that I might be able to use here without re-inventing the wheel.
Have a look at django-notification. It is used by pinax, there it seems to work like what you are searching for. At least it saves the status in the db.
edit
Response to the comment
from the docs:
notification.send([to_user], "friends_invite", {"from_user": from_user})
so this should work:
notification.send(User.objects.all(), "friends_invite", {"from_user": from_user})
and if a queryset isn't right:
notification.send([u for u in User.objects.all()], "friends_invite", {"from_user": from_user})
Have you looked at the Messages Framework in Django 1.3? In Django <=1.2 it was a simple model so you could do:
for user in User.objects.all():
    user.message_set.create(message="some text")
and this would be rendered in the template, and dismissed as soon as the next page is loaded (it's what Django admin uses). It has changed a bit in 1.3, but it might be handy, but not 'dismissable' in the way that maybe you want.